What is HTTP Authentication?
HTTP supports several authentication mechanisms for controlling access to pages and other resources. These mechanisms are all based around the use of the 401 status code and the WWW-Authenticate response header.
Authentication is the process of identifying whether a client is eligible to access a resource. The HTTP protocol supports authentication as a means of negotiating access to a secure resource.
HTTP server applications can deny an anonymous request while indicating that authentication is required. The server sends a WWW-Authenticate header listing the authentication schemes it supports.
HTTP Authentication Schemes
A server can specify multiple authentication schemes for the client to choose from. The following schemes are available under the HTTP authentication framework:
Anonymous
An anonymous request does not contain any authentication information. This is equivalent to granting everyone access to the resource.
Basic
Basic authentication sends a Base64-encoded string containing the client's user name and password. Base64 is not a form of encryption and should be considered the same as sending the user name and password in clear text. If a resource needs to be protected, strongly consider using an authentication scheme other than Basic authentication.
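The following example, added here and not part of the original page, shows the 401 challenge and Basic credential exchange described above from the server's side. The credential store, realm name and the function names are constructed for the example; the point it makes is that decoding the Authorization header is a single Base64 call, so anyone who can read the connection has the password.

```python
import base64
import hmac
from typing import Dict, Optional, Tuple

# Constructed credential store for the example. A real server would keep
# salted password hashes, never plaintext passwords.
USERS: Dict[str, str] = {"alice": "s3cret"}
REALM = "example"  # assumed realm name


def build_basic_header(username: str, password: str) -> str:
    """Build the Authorization header value a client sends for Basic auth."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def decode_basic_header(value: str) -> Optional[Tuple[str, str]]:
    """Recover the user name and password from a Basic Authorization header.

    Base64 is reversible, which is exactly why Basic auth over plaintext
    HTTP is equivalent to sending the password in the clear.
    """
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def handle_request(headers: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Minimal server-side logic: 401 with a challenge when no valid
    credentials are presented, 200 when they match the store."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    auth = headers.get("Authorization")
    creds = decode_basic_header(auth) if auth else None
    if creds is None:
        return 401, challenge
    username, password = creds
    # Compare against a dummy value when the user is unknown so that the
    # comparison cost does not reveal which user names exist.
    expected = USERS.get(username, "\x00" * 16)
    if username in USERS and hmac.compare_digest(password, expected):
        return 200, {}
    return 401, challenge
```

`handle_request` can be dropped behind any WSGI-style handler; the `WWW-Authenticate` value it returns is the same challenge format a browser expects before it prompts for credentials.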
Digest
Digest authentication is a challenge-response scheme that is intended to replace Basic authentication. The server sends a string of random data called a nonce to the client as a challenge. The client responds with a hash that includes the user name, password, and nonce, among other information. The extra round trip and the hashing make it more difficult to steal and reuse the user's credentials with this authentication scheme.
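To make the challenge-response concrete, here is an added example (not code from the original page) of the MD5, qop=auth form of Digest authentication from RFC 2617/7616: the client computes `response = MD5(HA1:nonce:nc:cnonce:qop:HA2)`, and the server, which holds only HA1 rather than the password, recomputes it. The `DigestServer` class, its realm and user list, and the per-nonce counter tracking are constructed for the example; the nonce-counter check is what stops a captured Authorization header from simply being resent.

```python
import hashlib
import hmac
import secrets
from typing import Dict


def _md5(s: str) -> str:
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def digest_response(username: str, password: str, realm: str, method: str,
                    uri: str, nonce: str, nc: str, cnonce: str,
                    qop: str = "auth") -> str:
    """Client side: the response field of a Digest Authorization header."""
    ha1 = _md5(f"{username}:{realm}:{password}")   # credential part
    ha2 = _md5(f"{method}:{uri}")                  # request part
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class DigestServer:
    """Server side: issues nonces and verifies responses (constructed example)."""

    def __init__(self, realm: str, users: Dict[str, str]) -> None:
        self.realm = realm
        # Assumption: HA1 is computed once at enrollment so the plaintext
        # password never has to be stored.
        self.ha1 = {u: _md5(f"{u}:{realm}:{p}") for u, p in users.items()}
        self.nonces: Dict[str, int] = {}   # nonce -> highest nc accepted

    def challenge(self) -> str:
        """Value for the WWW-Authenticate header on the 401 response."""
        nonce = secrets.token_hex(16)
        self.nonces[nonce] = 0
        return (f'Digest realm="{self.realm}", qop="auth", '
                f'nonce="{nonce}", algorithm=MD5')

    def verify(self, method: str, uri: str, fields: Dict[str, str]) -> bool:
        """Check the parsed Authorization parameters for one request."""
        nonce = fields.get("nonce", "")
        if nonce not in self.nonces:           # unknown or expired nonce
            return False
        nc = fields.get("nc", "")
        try:
            nc_val = int(nc, 16)
        except ValueError:
            return False
        if nc_val <= self.nonces[nonce]:       # replayed or rewound counter
            return False
        ha1 = self.ha1.get(fields.get("username", ""))
        if ha1 is None or fields.get("uri") != uri:
            return False
        ha2 = _md5(f"{method}:{uri}")
        cnonce = fields.get("cnonce", "")
        expected = _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
        if not hmac.compare_digest(expected, fields.get("response", "")):
            return False
        self.nonces[nonce] = nc_val            # only advance on success
        return True
```

Production servers also expire nonces after a short time and bind them to the client, and RFC 7616 prefers SHA-256 over MD5; the structure of the computation is unchanged, only the hash function differs.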
NTLM
NT LAN Manager (NTLM) authentication is a challenge-response scheme that is a more secure variation of Digest authentication. NTLM uses Windows credentials to transform the challenge data instead of the unencoded user name and password. NTLM authentication requires multiple exchanges between the client and server. The server and any intervening proxies must support persistent connections to successfully complete the authentication.
Negotiate
Negotiate authentication automatically selects between the Kerberos protocol and NTLM authentication, depending on availability. The Kerberos protocol is used if it is available; otherwise, NTLM is tried. Kerberos authentication significantly improves upon NTLM. Kerberos authentication is both faster than NTLM and allows the use of mutual authentication and delegation of credentials to remote machines.
Windows Live ID
The underlying Windows HTTP service includes authentication using federated protocols. However, the standard HTTP transports in WCF do not support the use of federated authentication schemes, such as Microsoft Windows Live ID.
HTTP Authentication Framework:
Proxy authentication
Access forbidden
Authentication of cross-origin images
Character encoding of HTTP authentication
WWW-Authenticate and Proxy-Authenticate headers
Authorization and Proxy-Authorization headers
Authentication schemes
Basic Authentication Scheme:
Security of basic authentication
Restricting access with Apache and basic authentication
Restricting access with nginx and basic authentication
Access using credentials in the URL